According to the advisory released today, 43 out of 71 vulnerabilities addressed by Adobe in Acrobat and Reader are rated as critical in severity, most of which could lead to arbitrary code execution in the context of the current user upon successful exploitation.

The update also includes a permanent fix for a critical, publicly disclosed zero-day vulnerability (CVE 2019-7089) impacting Adobe Reader that could allow remote attackers to steal targeted Windows NTLM hash passwords just by tricking victims into opening a specially crafted PDF file.

Another advisory related to Adobe Flash Player, which will receive security patch updates until the end of 2020, reveals the existence of an important out-of-bounds read vulnerability (CVE-2019-7090) that could lead to information disclosure.

ColdFusion, Adobe’s commercial rapid web application development platform, also receives patches for a critical arbitrary code execution flaw and an important cross-site scripting vulnerability that could result in information disclosure.

Adobe also releases security patches for an important privilege escalation vulnerability (CVE-2019-7093) in its Creative Cloud Desktop Application versions 4.7.0.400 and earlier.

The company says it is not aware of any in-the-wild exploit for the vulnerabilities addressed in its February 2019 Patch Tuesday updates.

Users of the affected Adobe software and apps for Windows and macOS systems are highly recommended to update their software packages to the latest versions as soon as possible.